- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
I have two /56 IPv6 prefixes, one which is used in our Bay Area office, and one which is unused. I have taken a /64 from the unused /56 prefix and assigned it for use by our office in The Netherlands. They will use DHCP to assign the addresses to a small set of workstations that need to send IPv6 traffic across our site-to-site tunnel (PA-820 and PA-220 endpoints) and out our local ISP (to bypass GeoIP filtering that is making testing difficult for the engineering team there).
I believe what I need to do is create a PBF rule on the NL side PA that takes the source interface/zone and IPv6 range and forwards packets to the tunnel interface as egress. I 'm fairly certain that I need to define a next-hop IP, and I am uncertain how to proceed. Do I need to assign IPv6 to both tunnel interfaces, and if so, what is the correct way to determine IPs for these. IPv6 is enabled on the tunnel interfaces so they presumably have link-local IPv6 addresses I can get from the CLI, but I am not sure if these are the correct way to proceed . On the local side, the traffic should just follow the default route to the internet and return traffic should route back through our edge and I'll just need to set up a static route for the /64 block to route back across the tunnel to NL.
Any input is appreciated.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!